Initialization
You create a new KeyStore by passing a null InputStream to the KeyStore load method.
When you create a new KeyStore, the nCipherKM provider generates a KeyStore key that is used to sign trusted public certificate entries.
The relevant signature is verified when public certificates in the KeyStore are used; this functionality prevents an attacker from inserting new certificates into a KeyStore without the protection token that is needed to use the KeyStore key.
By default, the KeyStore protection key is OCS-protected.
Ensure that the passphrase argument used with the KeyStore interface matches the passphrase of that OCS.
When the KeyStore method is called, you must present a card with a matching passphrase from the required OCS.
You can use the protect system property to change the protection type used for the KeyStore key; for more information about the protect property, see System Properties.
An existing KeyStore file is not overwritten if the KeyStore store method is called on an OutputStream directed at the same file path.
Instead, the KeyStore at the existing path is used to store the keys in the new KeyStore.
This operation fails if the passphrases for the two KeyStores do not match.
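The Java example below is added here and is not code from the nCipher documentation: it creates a new KeyStore with a null InputStream and refuses to direct the store method at a path that already exists. The KeyStore type name ncipher.sworld is an assumption not stated on this page, the class and method names are hypothetical, and the passphrase entered is taken to be that of the OCS protecting the KeyStore key.

```java
import java.io.Console;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.security.KeyStore;
import java.util.Arrays;

public class NewKeyStore {  // hypothetical class name

    // Creates an empty KeyStore and writes it to a path that must not exist yet.
    static KeyStore create(String type, String provider, Path path, char[] passphrase)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(type, provider);
        // A null InputStream makes load() initialise a new, empty KeyStore.
        ks.load(null, passphrase);
        // CREATE_NEW throws FileAlreadyExistsException when the path exists, so
        // store() is never directed at an existing KeyStore file. If store()
        // itself fails, the empty file it leaves must be removed by hand.
        try (OutputStream out = Files.newOutputStream(path, StandardOpenOption.CREATE_NEW)) {
            ks.store(out, passphrase);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: NewKeyStore <path> [type] [provider]");
            System.exit(2);
        }
        // Assumption: "ncipher.sworld" is the KeyStore type; nCipherKM is the provider named above.
        String type = args.length > 1 ? args[1] : "ncipher.sworld";
        String provider = args.length > 2 ? args[2] : "nCipherKM";
        Console console = System.console();
        if (console == null) throw new IllegalStateException("no console for passphrase entry");
        char[] passphrase = console.readPassword("OCS passphrase: ");
        if (passphrase == null) throw new IllegalStateException("no passphrase entered");
        try {
            KeyStore ks = create(type, provider, Paths.get(args[0]), passphrase);
            System.out.println("created " + ks.getType() + " KeyStore, entries: " + ks.size());
        } finally {
            Arrays.fill(passphrase, '\0');  // clear the passphrase from memory
        }
    }
}
```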